VMAN + ACL
‎04-12-2016 09:21 AM
Hello!
I have this scheme:
Cisco (vman tag) -> (port 24 vman tag) Extreme X440 (port 23 vman untag) -> CheckPoint
But CheckPoint works in passive mode (it only receives traffic), and I can't see the MAC of CheckPoint, so traffic doesn't go to port 23 (the X440 doesn't know whom to send it to).
Maybe an ACL with action
But to which vlan/port do I have to map this ACL?
Thank you!
‎04-12-2016 11:05 AM
Did you try disable learning vman VmanName?
--
Jarek
‎04-12-2016 11:05 AM
Hi, sorry for the delay. Yes, it should send all traffic from vman to port 23. I have tested with vlan and it works. I think with vman it will be the same behavior.
--
Jarek
‎04-12-2016 11:05 AM
You think in this case all traffic will be directly forwarded to port 23?
‎04-12-2016 11:03 AM
In this case, only traffic whose MAC-dst is Checkpoint will be forwarded to this port, but I need all traffic to be forwarded there.
For now I'm thinking of 2 variants:
1- to do a mirror, like:
#create mirror test3001
#configure mirror add vlan Int3001
#enable mirror to port 21
2- to do an ACL, with match condition vlan-id (it is present in EXOS 15.7), and some variants of actions:
redirect-name name—Specifies the name of the flow-redirect that must be used to redirect matching traffic.
redirect-port port—Overrides the forwarding decision and changes the egress port used.
mirror—Rules that contain mirror as an action modifier will use a separate slice.
What are your thoughts about these points?
Thank you!
